mirror of
https://github.com/samba-team/samba.git
synced 2024-12-25 23:21:54 +03:00
90 lines
2.8 KiB
XML
90 lines
2.8 KiB
XML
<?xml version="1.0" encoding="iso-8859-1"?>
|
|
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
|
|
<refentry id="idmap_adex.8">
|
|
|
|
<refmeta>
|
|
<refentrytitle>idmap_adex</refentrytitle>
|
|
<manvolnum>8</manvolnum>
|
|
<refmiscinfo class="source">Samba</refmiscinfo>
|
|
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
|
|
<refmiscinfo class="version">3.2</refmiscinfo>
|
|
</refmeta>
|
|
|
|
|
|
<refnamediv>
|
|
<refname>idmap_adex</refname>
|
|
<refpurpose>Samba's idmap_adex Backend for Winbind</refpurpose>
|
|
</refnamediv>
|
|
|
|
<refsynopsisdiv>
|
|
<title>DESCRIPTION</title>
|
|
<para>
|
|
The idmap_adex plugin provides a way for Winbind to read
|
|
id mappings from an AD server that uses RFC2307 schema
|
|
extensions. This module implements both the idmap and nss_info
|
|
APIs and supports domain trustes as well as two-way cross
|
|
forest trusts. It is a read-only plugin requiring that the
|
|
administrator provide mappings in advance by adding the
|
|
POSIX attribute information to the users and groups objects
|
|
in AD. The most common means of doing this is using "Identity
|
|
Services for Unix" support on Windows 2003 R2 and later.
|
|
</para>
|
|
|
|
<para>
|
|
Note that you must add the uidNumber, gidNumber, and uid
|
|
attributes to the partial attribute set of the forest global
|
|
catalog servers. This can be done using the Active Directory Schema
|
|
Management MMC plugin (schmmgmt.dll).
|
|
</para>
|
|
</refsynopsisdiv>
|
|
|
|
<refsynopsisdiv>
|
|
<title>NSS_INFO</title>
|
|
<para>
|
|
The nss_info plugin supports reading the unixHomeDirectory,
|
|
gidNumber, loginShell, and uidNumber attributes from the user
|
|
object and the gidNumber attribute from the group object to
|
|
fill in information required by the libc getpwnam() and
|
|
getgrnam() family of functions. Group membership is filled in
|
|
according to the Windows group membership and not the
|
|
msSFU30PosixMember attribute.
|
|
</para>
|
|
|
|
<para>
|
|
Username aliases are implement by setting the uid attribute
|
|
on the user object. While group name aliases are implemented
|
|
by reading the displayname attribute from the group object.
|
|
</para>
|
|
</refsynopsisdiv>
|
|
|
|
<refsect1>
|
|
<title>EXAMPLES</title>
|
|
<para>
|
|
The following example shows how to retrieve idmappings and NSS data
|
|
from our principal and trusted AD domains.
|
|
</para>
|
|
|
|
<programlisting>
|
|
[global]
|
|
idmap backend = adex
|
|
idmap uid = 1000-4000000000
|
|
idmap gid = 1000-4000000000
|
|
|
|
winbind nss info = adex
|
|
winbind normalize names = yes
|
|
</programlisting>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>AUTHOR</title>
|
|
|
|
<para>
|
|
The original Samba software and related utilities
|
|
were created by Andrew Tridgell. Samba is now developed
|
|
by the Samba Team as an Open Source project similar
|
|
to the way the Linux kernel is developed.
|
|
</para>
|
|
</refsect1>
|
|
|
|
</refentry>
|